CVE-2019-10716

HIGH

Verodin Director < 3.5.3.1 - Improper Privilege Management

Title source: rule

Description

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.

Exploits (1)

exploitdb WORKING POC

by nxkennedy · pythonwebappsjson

https://www.exploit-db.com/exploits/48002

View Code ZIP pw:eip

References (4)

[Product] https://www.verodin.com/

[Product] https://www.verodin.com/technology/platform

[Exploit, Third Party Advisory] http://www.nolanbkennedy.com/post/cve-2019-10716-information-disclosure-verodin-director

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156214/Verodin-Director-Web-Console-3.5.4.0-Password-Disclosure.html

Scores

CVSS v3 7.7

EPSS 0.0657

EPSS Percentile 91.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-269

Status published

Products (1)

verodin/director < 3.5.3.1

Published Oct 21, 2019

Tracked Since Feb 18, 2026